[sudo-users] Feature request - chdir option

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevron.com
Mon Oct 17 10:28:07 EDT 2005

Is this not equivalent (and shorter)

	$ sudo ls -l /usr/local/protected


-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Michael Hill
Sent: Thursday, October 13, 2005 11:25 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] Feature request - chdir option

I understand the obvious reason "sudo cd /usr/local/protected" doesn't
work.  What I'd like to suggest is a command line option that would let
you specify the directory in which to execute the command.  E.g.

	$ sudo -C /usr/local/protected ls -l

We run a large environment (over 300 servers under my department alone)
and we are trying to wean users off of "sudo sh", preferring "sudo ALL"
with some "dangerous" commands excluded.  The workaround suggested in
the man page, "sudo sh -c 'cd /usr/local/protected; ls -l'", still
requires granting "sudo sh" capability.  This is about the only
remaining barrier to eliminating "sudo sh", since there are some
commands that need to be run from a directory for which the user doesn't
have execute permission.

Even though this just occurred to me this morning, it seems so obvious
that I can't believe nobody has thought of it before.  Is there some
reason it won't work as I've conceived?  If not, please consider
seriously implementing such an option.

Thank you.


Michael Hill   <><  Isaiah 9:6 |
msh AT qadas DOT com           |
Aerospace/Software Engineer    | 
http://www.qadas.com/~msh/     |
---In a marketplace (like the one of ideas), not everything has equal
value!--- Did you ever notice that everybody in favor of abortion has
already been born?!

More information about the sudo-users mailing list